cursor-compliance-audit
Compliance and security auditing for Cursor IDE usage: SOC 2, GDPR, HIPAA assessment, evidence collection, and remediation. Triggers on "cursor compliance", "cursor audit", "cursor security review", "cursor soc2", "cursor gdpr", "cursor data governance".
89
88%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines a specific niche (compliance auditing for Cursor IDE), lists concrete actions (assessment, evidence collection, remediation across SOC 2/GDPR/HIPAA), and provides explicit trigger terms. The description is concise, uses third-person voice, and would be easily distinguishable from other skills in a large skill library.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'SOC 2, GDPR, HIPAA assessment, evidence collection, and remediation' — these are distinct, concrete activities within a well-defined domain. | 3 / 3 |
Completeness | Clearly answers both 'what' (compliance and security auditing for Cursor IDE: SOC 2, GDPR, HIPAA assessment, evidence collection, remediation) and 'when' (explicit triggers listed with 'Triggers on...' clause). | 3 / 3 |
Trigger Term Quality | Includes explicit natural trigger terms like 'cursor compliance', 'cursor audit', 'cursor security review', 'cursor soc2', 'cursor gdpr', 'cursor data governance' — these are terms users would naturally use when seeking this functionality. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche combining Cursor IDE with compliance/security auditing frameworks (SOC 2, GDPR, HIPAA). The 'cursor' prefix on all trigger terms further reduces conflict risk with generic compliance or generic Cursor skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, highly actionable compliance auditing skill with concrete checklists, specific remediation steps, and clear verification checkpoints. Its main weakness is that it's a large monolithic document that would benefit from splitting detailed checklists and remediation playbooks into separate bundle files. The content is mostly efficient but could trim some explanatory context that compliance-savvy Claude wouldn't need.
Suggestions
Split the detailed audit checklists (SOC 2, GDPR, HIPAA) and remediation playbooks into separate bundle files, keeping SKILL.md as a concise overview with links to each.
Remove or condense the certification table and data processing architecture diagram, which serve more as reference material than actionable guidance — or move them to a separate SECURITY_POSTURE.md file.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is reasonably well-organized but includes some information that could be tightened. The data processing architecture diagram and certification table are useful, but some sections like the GDPR individual rights table and enterprise considerations contain information that's more reference material than actionable guidance. The overall length is substantial but mostly justified by the breadth of compliance frameworks covered. | 2 / 3 |
Actionability | The skill provides highly concrete, actionable checklists with specific steps, exact file patterns for .cursorignore, specific dashboard navigation paths, and clear remediation procedures with severity ratings. Each finding includes numbered remediation steps with specific actions like 'Admin Dashboard > Privacy > Enable enforcement' rather than vague instructions. | 3 / 3 |
Workflow Clarity | Each remediation playbook follows a clear sequence with verification steps (e.g., 'Verify enforcement: check each member's status in dashboard', 'Verify: Cursor Settings > Codebase Indexing > View included files'). The audit checklists include explicit evidence collection requirements, and the HIPAA section includes a critical escalation step ('Consult your compliance team before any Cursor usage'). Feedback loops are present where needed. | 3 / 3 |
Progressive Disclosure | The content is well-structured with clear section headers and logical organization across compliance frameworks. However, this is a long monolithic document (~200 lines) with no bundle files to offload detailed checklists or remediation playbooks into separate references. The SOC 2 checklists, GDPR checklists, HIPAA mitigations, and remediation playbooks could each be separate files with the SKILL.md serving as an overview with links. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3a2d27d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.